class System::UserManageController < ApplicationController
  before_filter :auth
 # layout "user_manage"

  def index
  end

  def user_list
    @users = User.paginate  :page => params[:page],
                                :per_page => 30
  end
  def destroy_user
     user=User.find(params[:id])
    if user.username=="admin" 
     flash[:errors]="admin 管理员帐户不能删除！"
     redirect_to("/system/user_manage/user_list")
     elsif  user.id=session[CURRENT_USER_ID]
     flash[:errors]="自己不能删除自得的帐号！"
     redirect_to("/system/user_manage/user_list")
     elsif 
     user.destroy
     redirect_to("/system/user_manage/user_list")
    end
  end
  
  def role_list
   # @roles=Role.find(:all)
    @roles = Role.paginate  :page => params[:page],
                                :per_page => 10
  end
    
  def pa_update
    @user=current_user
        if params[:newpa]!="" && params[:connewpa] !="" && params[:connewpa] == params[:newpa]
           if User.authenticate(@user.username, params[:oldpa])
              @user.password=params[:newpa]
              @user.save!
            redirect_to("/system/user_manage/index")
         else
           flash[:error]="原密码错误！"
           redirect_to(:controller=>"system/user_manage" , :action=>"chpa")  
         end
      else
        flash[:error]="两次输入新密码不一致"
        redirect_to(:controller=>"system/user_manage" , :action=>"chpa")  
      end
  end    
  
  
  def  ur_update
    id=params[:id]
    u_id=id.split("&")[0]
    r_id=id.split("&")[1]
    temp_ur=UserRole.find_by_sql("select id from user_roles where user_id="+u_id+" and  role_id ="+r_id )
    #puts "select id from user_roles where user_id="+u_id+" and  role_id ="+r_id 
   # puts temp_ur.length
    if   temp_ur.length==0
      UserRole.add(u_id,r_id)
      redirect_to :action=>"user_list"
    else
      UserRole.del(u_id,r_id)
      redirect_to :action=>"user_list"
    end
  end  
      
  def  rp_update
    id=params[:id]
   # puts id
    r_id=id.split("&")[0]
    p_url=id.split("&")[1]
    name=id.split("&")[2]
    
    temp_rp=Permisssion.find_by_sql("select id from permisssions where role_id="+r_id+" and  url ='"+p_url+"'" )
  #  puts "select id from permisssions where role_id="+r_id+" and  url ="+p_url 
   # puts p_url
    if   temp_rp.length==0
      Permisssion.add(r_id,p_url,name)
      redirect_to :action=>"role_list"
    else
      Permisssion.del(r_id,p_url)
      redirect_to :action=>"role_list"
    end
  end
      
  def pa_update_bak
    @user=current_user
    if params[:connewpa] == params[:newpa]
     if User.authenticate(@user.username, params[:oldpa])
      @user.password=params[:newpa]
      @user.save!
      flash[:notice]="密码修改成功！"
      redirect_to(:controller=>"system/user_manage" , :action=>"index")  
     else
     flash[:error1]="原密码错误！"
     redirect_to(:controller=>"system/user_manage" , :action=>"chpa")  
     end
    else
    flash[:error2]="两次输入新密码不一致"
    redirect_to(:controller=>"system/user_manage" , :action=>"chpa")  
  end
  end
  
end
